Filebeat收集简单Nginx日志

环境准备:

db01: 2-3G内存es kibana nginx Filebeat

准备ES单机环境

====================================
cat >/etc/Elasticsearch/elasticsearch.yml <<EOF
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 10.0.0.51,127.0.0.1
http.port: 9200
EOF     
====================================
yum install ntpdate -y
ntpdate time1.aliyun.com 
systemctl stop elasticsearch
systemctl stop kibana
rm -rf /var/lib/elasticsearch/*
rm -rf /var/lib/kibana/*
systemctl start elasticsearch
systemctl start kibana
netstat -lntup|grep 9200
netstat -lntup|grep 5601

filebeat收集简单Nginx日志

0.更新系统时间

ntpdate time1.aliyun.com

1.db01安装nginx

cat >/etc/yum.repos.d/nginx.repo<<EOF
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=0
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=0
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF

yum makecache fast
yum install nginx -y
systemctl start nginx

2.准备测试页面

rm -rf /etc/nginx/conf.d/default.conf
mkdir /code/www -p
echo "www" > /code/www/index.html
chown -R nginx:nginx /code/
cat >/etc/nginx/conf.d/www.conf <<EOF
server {
listen 80;
server_name www.mysun.com;
location / {
root /code/www;
index index.html index.htm;
}
}
EOF

nginx -t
systemctl restart nginx
curl 127.0.0.1

3.安装filebeat

rpm -ivh filebeat-6.6.0-x86_64.rpm
rpm -qc filebeat

4.配置filebeat

cp /etc/filebeat/filebeat.yml /opt/
cat >/etc/filebeat/filebeat.yml<<EOF
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/nginx/access.log
output.elasticsearch:
hosts: ["10.0.0.51:9200"]
EOF

5.启动并检查

systemctl start filebeat
tail -f /var/log/filebeat/filebeat

5.查看日志结果

es-head查看

6.kibana添加

Management >> Index Patterns >> filebeat-6.6.0-2019.12.05 >> @timestamp >> create >> discover